BankInfoSecurity.com

Attack Spotlights Threats, Risks Facing Healthcare Supply Chain
UFP Technologies, a Massachusetts-based maker of single-use medical devices and other healthcare supplies, has notified the U.S. Securities and Exchange Commission of a cyber incident discovered on Valentine's Day that involved the theft or destruction of company data.

State Officials Investigating Breach of Back-Office Services Provider Found in 2025
The victim count in the 2024 hack on back-office support services vendor Conduent Business Services has just ballooned again, with the Xerox-spinoff now reporting to Wisconsin regulators that the incident affected "25 million-plus" people nationwide.

Emergency CISA Directive Lands as DHS Shutdown Strains Cyber Operations
The Cybersecurity and Infrastructure Security Agency issued a directive Wednesday ordering civilian agencies to secure and hunt for compromise in vulnerable Cisco SD-WAN systems after officials observed active exploitation - while warning that shutdown-related disruptions heighten operational risk.

Lawsuit Claims SonicWall Cloud Backup Flaw Led to Ransomware Attack Against Marquis
Marquis Software Solutions has sued SonicWall alleging a cloud backup data breach exposed firewall configuration files, including credentials and multifactor authentication scratch codes. The firm says the breach enabled an August 2025 ransomware attack and triggered dozens of class action lawsuits.

Venture Capitalist Nick Davidov Points to Market Demand, Vulnerability Trends
Anthropic's new AI-powered code security tool may have triggered a market selloff this week, but venture capitalists aren't rewriting their investment plans for cybersecurity vendors, said Nick Davidov, co-founder and managing partner at San Francisco-based venture capital firm DVC.

Officials Warn Funding Cuts, Fragmented Intelligence Sharing Slow Threat Response
State and local officials told lawmakers that funding cuts, fragmented intelligence pipelines and unresolved interoperability gaps are undermining cyber and critical infrastructure protections as the country prepares for the 2026 World Cup and a series of high-profile global events.

Council of the EU Rejects Redefinition of 'Personal Data'
A rejection by European Union member governments of proposal backed by the European Commission to make it easier to share data about individuals won cautious plaudits from Paul Nemitz, a key architect of Europe's General Data Protection Regulation.

Power Capacity Is Growing But 26% of Projects Faced Delays, Experts Warn
For years, enterprise cloud computing has felt like a "sky's the limit" endeavor, but that aspiration is coming crashing to the ground as the industry faces a hard new reality. Growth is being constrained by the very real physical limitations of the world's power grids.

Index Ventures Backs End-to-End Platform, Targeting of AI-Driven Vulnerability Risk
Astelia raised $35 million in Series A funding led by Index Ventures to scale its AI-powered exposure management tool. The company uses AI agents and network analysis to help enterprises prioritize exploitable vulnerabilities and reduce remediation noise across hybrid and on-premises environments.

Gen AI Nears 98% Adoption as OTel Gains Ground in Production
From automated correlation to agentic AI that investigates and remediates incidents, observability is entering a new phase. With generative AI adoption accelerating and OpenTelemetry gaining production ground, integrated intelligence is becoming table stakes.

Why Governance, Access Control and Vendor Oversight Now Define Patient Safety
Healthcare breaches do not start with a single technical failure. Digital risk has become clinical risk, driven by weak governance, excess access and unmanaged vendors. Resilience now depends on governance, not more tooling.

Report: Lazarus Group Pivoting to Medusa Ransomware for Extortion Attacks
North Korean-state backed Lazarus Group hackers are using Medusa ransomware in extortion attacks on U.S. healthcare entities despite a 2024 U.S. indictment of Rim Jong Hyok, an alleged member of the Lazarus subgroup Stonefly, according to a new threat intelligence report.

DeepSeek, MoonShot AI, MiniMax Used 24,000 Fake Accounts in Campaign
Anthropic has accused three Chinese AI firms of running coordinated, large-scale operations to steal capabilities from its Claude models. The U.S.-based company said DeepSeek, Moonshot AI and MiniMax are conducting "industrial-scale campaigns" using tens of thousands of fraudulent accounts.

How Claude's New AI Code Scanning Tool Will Challenge Application Security Leaders
Anthropic's debut of Claude Code Security jolted cybersecurity stocks and intensified competition in application security testing. It promises deep reasoning around identifying and remediating code vulnerabilities but faces steep challenges matching the feature breadth required by large enterprises.